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DETAILED ACTION 

1. Claims 1-146 are pending examination. 

Election/Restrictions 

2. Applicant's election without traverse of claims 1 -80 and 1 07-1 30 in the reply filed 
on 7/18/07 is acknowledged. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the Invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1-72 and 110-129 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Ginter et al (U.S. Patent 5,892,900). 

Regarding claims 1 and 110: 

Ginter discloses a method and system for computer workstation based 
information protection, comprising: monitoring user's actions on said computer 
workstation (col. 1 , lines 20-30); analysis of said actions in respect to a predefined 
policy to determine whether said actions prejudice information to which the policy 
applies (col. 302, line 40 - col. 303, line 40); and executing said policy in accordance 
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with the results of said analysis to prevent or modify or restrict or monitor or log said 
actions (Ibid). 

Regarding claims 2 and 111: 

Ginter further discloses wherein said policy comprises restrictions on at least one 
of: print, save, copy, autosave, fax (col. 252, line 40 - col. 253, line 30). 

Regarding claims 3 and 112: 

Ginter further discloses wherein said monitoring said user's actions on said 
workstation computer comprise detection of indications of attempts of tampering (col. 
85, lines 45-57). 

Regarding claim 4: 

Ginter further discloses obtaining logical indications or statistical indications (Ibid, 
and col. 88, lines 10-50). 

Regarding claims 5 and 113: 

Ginter further discloses detection of at least one uncertified add-in (col. 85, lines 
45-65, noting that uncertified add-ons would not be validated). 
Regarding claim 6: 

Ginter further discloses noting that said uncertified add-in is hooked to event of a 
local operating system (Ibid). 
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Regarding claims 7 and 1 14: 

Ginter further discloses detection of at least one debugging technique (col. 88, 
lines 10-50). 

Regarding claim 8: 

Ginter further discloses wherein said debugging technique comprises any of a 
debugger, virtual machine, software emulator, software trap, and remote administration 
tool (Ibid). 

Regarding claims 9 and 115: 

Ginter further discloses wherein said policy comprises restrictions of actions 
made available to said user upon detection of indications of attempts of tampering (col. 
176, lines 5-20). 

Regarding claims 10 and 116: 

Ginter further discloses applying restrictions on actions within a software 
application operable to process said information (col. 308, line 40 - col. 307, line 5). 

Regarding claim 11: 

Ginter further discloses performing at least one action upon detection of 
indications of attempts at tampering (col. 205, lines 40-60). 
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Regarding claim 12: 

Ginter further discloses at least one of encrypting at least one buffer, and 
encrypting at least one shared memory (col. 199, line 33 - col. 200, line 22). 

Regarding claim 13 

Ginter further discloses wherein said actions comprise preventing the decryption 
of encrypted digital content (col. 205, lines 40-60). 

Regarding claim 14: 

Ginter further discloses wherein said pre-defined policy is defined with respect to 
a software application on said user's workstation (col. 31 1, lines 30-60). 

Regarding claim 15: 

Ginter further discloses wherein said policy comprises reporting about attempts 
to perform actions that do not comply with an organization policy or are suspected to not 
comply with the organizational policy (col. 145, lines 25-50). 

Regarding claim 16: 

Ginter further discloses wherein said policy comprises performing logging of 
attempts to perform actions that do not comply or are suspected to not comply with the 
organizational policy (Ibid). 
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Regarding claim 17: 

Ginter further discloses protecting information held within a software data 
processing application able to process said information (col. 308, line 40 - col. 307, 5). 

Regarding claim 18: 

Ginter further discloses wherein said software data processing application 
operates in conjunction with a software client (Ibid). 

Regarding claims 19 and 117: 

Ginter further discloses wherein said software client is tamper resistant (col. 87, 
line 60 -col. 88, line 10). 

Regarding claims 20 and 118: 

Ginter further discloses wherein said software client is operable to monitor a 
user's actions and to execute said policy (col. 307, lines 1-5). 

Regarding claims 21 and 119: 

Ginter further discloses wherein said software client is operable to monitor said 
user's actions and policy (Ibid). 
Regarding claims 22 and 120: 

Ginter further discloses wherein said software client is further operable to detect 
events of said software application (col. 42, lines 15-40). 
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Regarding claim 23: 

Ginter further discloses wherein said events comprise any of: printing, copying 
storing, and displaying said information (col. 251, line 60 - col. 252, line 40). 

Regarding claims 24 and 121 : 

Ginter further discloses wherein said policy further comprises managing usage 
rights (col. 33, lines 35-65). 

Regarding claim 25: 

Ginter further discloses wherein said usage rights are determined according to 
any of the classification of the document, the classification level of the user, and the 
authentication level of the user (col. 302, lines 50-55). 

Regarding claims 26 and 122: 

Ginter further discloses wherein the usage rights comprise any of viewing at least 
part of said information; modifying at least part of said information; sending at least part 
of said information to a recipient; storing at least part of said information; storing at least 
part of said information by an application; storing at least part of said information by a 
file system; storing at least part of said information in a portable device;storing at least 
part of said information in a removable media; storing at least part of said information 
portable storage device that is connected to said workstation using a USB port; pasting 
at least part of said information into a document; printing at least part of said 
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information; printing at least part of said information to file; printing at least part of said 
information to a fax, and printing a screen view document (col. 1 56, line 60 - col. 1 57, 
line 20). 

Regarding claim 27: 

Ginter further discloses wherein said policy comprises definition of actions to be 
performed (col. 189, line 40 - col. 190, line 35). 

Regarding claim 28: 

Ginter further discloses wherein said actions comprise any of: enabling usage of 
at least part of said information, disabling usage of at least part of said information; 
restricting usage of at least part of said information according to a pre-determined set of 
restrictions; reporting about the usage of at least part of said information, and 
monitoring the usage of at least part of said information (Ibid). 

Regarding claim 29: 

Ginter further discloses wherein restriction of usage imposes requiring encryption 
of at least part of said protected information (col. 14, lines 25-50). 

Regarding claim 30: 

Ginter further discloses wherein said required encryption is such that 
corresponding encrypted information can be decrypted only by a secure client (Ibid). 
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Regarding claim 31: 

Ginter further discloses wherein said restriction of usage requires said protected 
information to reside on a secure server (col. 106, lines 40-55). 

Regarding claim 32: 

Ginter further discloses arranging a connection between said secure server and 
said workstation such that the transport between said secure server and said 
workstation is protected (col. 12, lines 30-40). 

Regarding claim 33: 

Ginter further discloses wherein said protected transport comprises encrypted 
transport (Ibid). 

Regarding claim 34: 

Ginter further discloses encryption of a file comprising at least part of said 
protected information wherein said file is at least one of the following: temporary file and 
auto-recovery file (col. 173, lines 13-67). 

Regarding claim 35: 

Ginter further discloses a file comprising at least part of said protected 
information, wherein said file comprises any of temporary file and auto-recover file 
(Ibid). 



Application/Control Number: 10/748,178 Page 10 

Art Unit: 2135 

Regarding claim 36: 

Ginter further discloses wherein said software client authenticates itself to a 
server before at least some of the sessions (col. 36, lines 10-45; col. 168, lines 45-67). 

Regarding claim 37: 

Ginter further discloses wherein said authentication depends on a classification 
level assigned to protected information (col. 302, lines 50-55). 

Regarding claim 38: 

Ginter further discloses wherein authentication is any of password based or 
network address based (col. 199, lines 5-10). 

Regarding claim 39: 

Ginter further discloses wherein said software client comprises components that 
can be automatically replaced (col. 16, lines 1-20). 

Regarding claim 40: 

Ginter further discloses wherein said secure server employs cryptographic 
encryption of at least one file containing said protected information (col. 37, lines 45-55). 
Regarding claim 41: 

Ginter further discloses wherein communication with said server is substantially 
transparent to said user (col. 34, lines 40-50). 
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Regarding claim 42: 

Ginter further discloses wherein in accordance with said policy said protected 
information is encrypted utilizing the encryption capabilities of said software application 
(col. 22, lines 1-5)! 

Regarding claims 43 and 125: 

Ginter further discloses wherein said software application operable to process 
said information is a word processing application (col. 301, lines 30-40). 

Regarding claim 44: 

Ginter further discloses wherein said software application comprises a control 
flag imparting the status of either read only or lock to a corresponding file, and wherein 
file modification within said software application which is operable to process said 
information is disabled via said flag (col. 247, lines 50-57). 

Regarding claim 45: 

Ginter further discloses wherein said disabling of said file modification is 
controlled by said policy (Ibid). 

Regarding claim 46: 

Ginter further discloses wherein said policy comprises adding forensic 
information to said protected information (col. 201, line 45 - col. 202, line 5). 
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Regarding claims 47 and 126: 

Ginter further discloses wherein said software client replaces the clipboard 
functionality of said software application thereby to process said protected information . 
with a secure clipboard functionality (col. 323, lines 10-55). 

Regarding claim 48: 

Ginter further discloses wherein said protected information copied into said 
secure clipboard is stored in an internal data structure inaccessible to other applications 
(Ibid). 

Regarding claims 49 and 127:. 

Ginter further discloses wherein said software client is installed automatically 
from a remote server (col. 237, lines 20-40). 

Regarding claims 50 and 128: 

Ginter further discloses wherein said installation of said software client utilizes 
anti-virus installation infrastructure (col. 240, lines 15-42). 

Regarding claim 51: 

Ginter further discloses wherein updates of said software client utilizes anti-virus 
installation infrastructure (Ibid). 
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Regarding claim 52: 

Ginter further discloses wherein at least part of the software code of said 
software client resides in an encrypted form (col. 237, lines 20-40). 

Regarding claim 53: 

Ginter further discloses wherein at least part of the software code of said 
software client is attached to hardware of said computer workstation (col. 87, 5-30). 

Regarding claim 54: 

Ginter further discloses wherein said software client is operable to automatically 
add information to said protected information in accordance with said policy (col. 201, 
line 45 -col. 202, line 5). 

Regarding claim 55: 

Ginter further discloses wherein said added information comprises any of a 
document header, footer, or textual disclaimer (col. 1 35, lines 20-35). 

Regarding claim 56: 

Ginter further discloses wherein said software client is operable to open file that 
comprises said protected information only while connected to at least one server (col. 
109, lines 20-67). 
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Regarding claim 57: 

Ginter further discloses wherein said servers enforce policy with respect to said 
information (col. 302, lines 40-60). 

Regarding claim 58: 

Ginter further discloses wherein said policy implies a set of restrictions regarding 
the usage of said protected information (col. 214, lines 15-40). 

Regarding claim 59: 

Ginter further discloses wherein the client software is operable to check that it is 
connected to a predetermined server before decrypting a file that comprises protected 
information (col. 109, lines 20-67). 

Regarding claim 60: 

Ginter further discloses wherein said servers enforce a policy with respect to said 
protected information, and wherein said policy comprises a set of restrictions regarding 
the usage of said protected information (col. 214, lines 15-40). 

Regarding claim 61: 

Ginter further discloses wherein at least two servers are operable to define said 
policy (col. 307, lines 25-55). 
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Regarding claim 62: 

Ginter further discloses wherein in the event of two or more conflicting policies 
are found, a strictest one of the policies is identified and used (col. 43, line 55 - col. 44, 
line 15). 

Regarding claim 63: 

Ginter further discloses wherein in the event of two or more conflicting policies 
are found, a union of the policies is identified and used (Ibid). 

Regarding claim 64: 

Ginter further discloses wherein connection to at least two servers are required in 
order to determine policy (col. 307, lines 25-55). 

Regarding claim 65: 

Ginter further discloses wherein said server authenticates the integrity of said 
client by requiring a cryptographic hash of at least part of said client's software (col. 
223, lines 45-67). 

Regarding claim 66: 

Ginter further discloses wherein said cryptographic hash is with respect to a 
random address in said client's software (col. 131 , line 27 - col. 1 32, line 13). 
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Regarding claim 67: 

Ginter further discloses wherein said client is entangled with said server's 
software, such that a functioning stand-alone copy of said client's software does not 
exist (col. 103, lines 45-67). 

Regarding claim 68: 

Ginter further discloses wherein said method comprises at least two levels of 
protection, and wherein said levels of protection are operable to be configured as a 
function of the secrecy of said protected information (col. 302, lines 50-55). 

Regarding claim 69: 

Ginter further discloses wherein in the most secure of said levels of protection, 
said protected information can only be accessed while connected to said server (col. 
103, lines 45-67). 

Regarding claim 70: 

Ginter further discloses wherein in at least one of said levels of protection, said 
information can be accessed for a limited time after the connection with said server was 
terminated (col. 32, lines 50-60). 
Regarding claim 71: 

Ginter further discloses wherein at least one of said levels of protection, said 
information can be accessed until the end of a current login session (col. 103, 45-67). 
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Regarding claim 72: 

Ginter further discloses wherein in at least one of said levels of protection, said 
information can be unlimitedly accessed after the server approves the information (col. 
198, lines 50-60). 

Regarding claim 123: 

Ginter further discloses wherein said client software is operable to check that it is 
connected to a predetermined server before decrypting a file that comprise said 
protected information only while connected to at least one server (col. 305, lines 15-25). 

Regarding claim 124: 

Ginter further discloses wherein said servers enforce a policy with respect to said 
protected information, and wherein said policy comprises a set of restrictions regarding 
the usage of the said protected information (col. 341, lines 1-25). 

Regarding claim 129: 

Ginter further discloses wherein said software is operable to automatically add 
information to said protected information in accordance with said policy (col. 32, 25-35). 
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5. Claims 73-75, 78-80, and 130 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Ronning (U.S. Patent 5,903,647). 

Regarding claims 73 and 130: 

Ronning discloses a method and system for information protection, comprising: 
defining an information protection policy with respect to certain information item (col. 5, 
lines 25-40); determining the measures required to protect said information according to 
said policy (Ibid, and col. 4, lines 17-23); and allowing said usage on a computer 
workstation of information comprising said items for which an information protection 
policy is defined only while said required measures are being applied (Ibid). 

Regarding claim 74: 

Ronning further discloses protecting information with a client software application 
(elements 68-74 of Figure 4A). 

Regarding claim 75: 

Ronning further discloses disabling at least one of the controls of said application 
(col. 6, lines 25-40). 

Regarding claim 78: 

Ronning further scanning at least one storage device and identifying the 
existence of pre-defined information objects (col. 6, lines 40-60). 
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Regarding claim 79: 

Ronning further discloses wherein said pre-defined objects comprise confidential 
information objects (Ibid, and Figures 4C & 6). 

Regarding claim 80: 

Ronning further discloses at least one rule regarding at least one event of at least 
one software application operable to handle said information (the rule being whether the 
content has been purchased: col. 3, lines 44-47). 

6. Claims 107-109 are rejected under 35 U.S.C. 102(b) as being anticipated by 
"Java Security: How to Install the Security Manager and Customize Your Security 
Policy" (hereinafter, "Venners"). 

Regarding claim 107: 

Venners discloses a method for computer workstation based information 
protection comprising: detecting an event at said workstation (pages 1-2, "The Security 
Manager and the Java API"); directing handling of said event (Ibid); and employing 
information protection based on an assessment of an importance of said event to 
protection of information indicated as requiring protection technique (Ibid; cf. page 3, 
"Security beyond the architecture"). 
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Regarding claim 108: 

Venners further discloses handling an event, said event being designated as 
directing information protection (pages 1-2, "The Security Manager and the Java API"); 
and employing a said information protection technique in reaction to said event (Ibid). 

Regarding claim 109: 

Venners discloses wherein said event comprise any of: loading a local operating 
system, loading an application, user action, presenting a specific information into the 
system, an event generated by another system, suspicious activity, operating system 
time event, and a network time event (bulleted list on page 2). 



Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



8. Claims 76 and 77 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ronning as applied to claim 73 above, and further in view of England et al. (U.S. 
Patent Application Publication 2003/0200435). 
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Regarding claim 76: 

Ronning does not explicitly disclose encryption of the memory of a graphic card 
or video card. However, England discloses this limitation (paragraph 0025). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to encrypt the contents of a graphics card for protecting information found in the 
Ronning disclosure. The motivation for doing so would be to untrusted third parties 
from intercepting protected information (paragraphs 0004-0005). 

Regarding claim 77: 

Ronning does not explicitly disclose forcing a video card or graphic card to a 
mode that causes no meaningful information to be stored in said video card's memory. 
However, England discloses this limitation (paragraph 0025). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to ensure 
that no meaningful (i.e. decrypted and accessible) information is stored in the memory 
of the graphics card in the Ronning invention. The motivation for doing so would be to 
untrusted third parties from intercepting protected information (paragraphs 0004-0005). 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: U.S. Patents 6,012,033 to Vanden Berge; 5,715403 to Stefik; 
5,699,427 to Chow; and 5,638,443 to Stefik et al. 
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1 0. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is (571) 272-3849. 
The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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